The present invention, in some embodiments thereof, relates to a system and a method for encryption and decryption and, more particularly, but not exclusively, to a system and a method for encryption and decryption of digital data transmitted over a communication network.
The Internet and the World Wide Web allow companies and organizations to offer services in a document, such as a digital form of web applications, to businesses and individuals who may access and utilize these services with a personal computer and a web browser. Some examples of those applications are electronic mail, instant messaging, productivity tools, customer relationship management, enterprise resource planning, human resources applications, blogs, and social networking sites.
This model has inherent security risks. User data, such as messages, customer records, and company financials, are stored on remote servers beyond the control of the provider of the user data. Storing personal or corporate information on remote servers exposes the data owner to many risks, and implies that the information's owner must trust the entity that owns the computer systems hosting the information and the network connecting the information owner and the hosting systems.
For instance, commonly known accounting software solutions require its customers to post accounting information that is stored on the solution provider's servers. In such systems, the customer has to entrust the solution provider with the accounting information and lose control over the privacy and integrity thereof.
Known applications utilize a variety of encryption schemes to render data unintelligible to anyone who does not possess the appropriate decryption methods or keys. Hosted applications may require that certain information be unencrypted while the encryption of other information will not affect the application. Application providers may enable and/or require an information owner to encrypt data in transit between a client and a host using secure socket layer (SSL) encryption or another method. This prevents an internet service provider (ISP) and other potential eavesdroppers from seeing the data itself. The data is decrypted upon arrival to the hosted application, and the hosted application vendor can still see the owner's data. Some methods currently exist for partial data encryption, but the level of granularity provided by these methods is insufficient to simultaneously meet the requirements of multiple generic hosted applications.
For example, U.S. Pat. No. 7,165,175, filed on Sep. 6, 2000 describes an apparatus and method for selectively encrypting portions of data sent over a network between client and server. The apparatus includes parsing means for separating a first portion of the data from a second portion of the data, encrypting means for encrypting only of the first portion of the data, and combining means for combining the encrypted first portion of the data with the second portion of the data. The apparatus further includes decrypting means installed at the client for decrypting the encrypted portion of the data. WIPO Patent Number WO 01/47205 A2, filed on Nov. 9, 2000 enhanced computer network encryption using downloaded software objects. This application describes a method and a system for securing highly sensitive financial and other data contained in transmissions over a public network, such as the World Wide Web, linking a web server computer to a remote client computer. By determining a desired (usually strong) specific standard of encryption for all sensitive communications between web server and client, and “pushing” the capability to encrypt to such standard to the client by automatically downloading from the web server to the client, and executing within the client's web browser, software objects to perform encryption/decryption tasks pursuant to the chosen standard, strong encryption is readily assured even if the client did not originally have such strong encryption capabilities.